1. Getting Started Guide
  2. Changes to IDCS and OCI IAM Operations
  3. OCI Identity Domains: What OCI Customers Need to Know
  4. How Do the Changes to OCI IAM Impact Existing OCI Tenancies?

How Do the Changes to OCI IAM Impact Existing OCI Tenancies?

OCI administrators are already be familiar with the Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) service that enables authentication into OCI and management of access entitlements for OCI resources by way of OCI IAM policies. Many customers choose to use Oracle Identity Cloud Service (IDCS) to also enable more advanced IAM deployments, which creates an additional layer of IAM to manage and sometimes incurs additional cost.

The introduction of identity domains adds the following features natively to the OCI IAM service to help simplify administration and operational management.
  • Powerful IAM Functionality at No Additional Cost—Oracle brought all the enterprise IAM capabilities of IDCS into OCI IAM natively. IAM functionality such as advanced authentication techniques and user life cycle management are now natively available and included in your existing OCI tenancies for use with your subscribed* Oracle services.

    Note:

    *Upgrades are available to provide IAM support beyond subscribed Oracle services.
  • Single-Point Authentication—The OCI IAM upgrade simplifies the OCI sign-on screen.
  • Single-Point of IAM Management—Customers who previously used IDCS with OCI tenancies may notice simplified administration by way of a single pane for all users. Identity administration is now available through the OCI Admin console under Identity & Security, Domains.
  • No Impact for Existing Users, Policies, Configuration, or Access—The OCI IAM upgrade maintains all existing security policies, configurations, and user populations. Expect no impact to security settings or to the user experience. Oracle did not remove functionality or change any policy configurations.
  • Disaster Recovery—OCI IAM now provides a cross-region disaster recovery feature for recovering identity domain data in a scenario where an entire OCI region becomes unavailable. The disaster recovery feature is included and does not require any changes or updates to existing applications.